Manual Chapter : BIG-IP Administrators guide v2.1: BIG/pipe Command Reference

Applies To:


BIG-IP versions 1.x - 4.x

  • 2.1.4 PTF-01, 2.1.4, 2.1.3 PTF-04, 2.1.3 PTF-03, 2.1.3 PTF-02, 2.1.3 PTF-01, 2.1.3, 2.1.2 PTF-02, 2.1.2 PTF-01, 2.1.2, 2.1.1, 2.1.0


Appendix B: BIG/pipe Command Reference



BIG/pipe commands

This appendix lists the various BIG/pipe commands with descriptions. Some entries contain additional information about using the command. At the end of the appendix is a list of commands from previous versions of the BIG/pipe utility.

Command                       Description
-?                            Displays online help for an individual bigpipe command.
alias                         Defines an IP alias to be pinged on behalf of a specific group of nodes.
configsync                    Synchronizes the /etc/bigip.conf between the two BIG/ip Controller units in a redundant system.
conn                          Shows information about current connections such as the source IP address, virtual server and port, and node connected to.
-d                            Verifies command syntax for the specified command without executing a command.
-f                            Resets the BIG/ip Controller and loads a specified configuration file.
failover                      Sets the BIG/ip Controller as active or standby.
gateway                       Turns the gateway fail-safe feature on and off.
-h and -help                  Displays online help for BIG/pipe command syntax.
interface                     Sets options on individual interfaces.
lb                            Sets the load balancing mode.
maint                         Toggles the BIG/ip Controller into and out of maintenance mode.
mirror                        Sets mirroring of the active BIG/ip Controller to the standby controller.
nat                           Defines external network address translations for nodes.
node                          Defines node property settings.
persist                       Defines and displays persistence settings for simple TCP and UDP persistence.
port                          Defines properties for virtual ports.
-r                            Clears the BIG/ip Controller define and counter values.
ratio                         Sets load-balancing weights and priority levels used in the Ratio and Priority load balancing modes.
-s                            Writes the current configuration to a configuration file.
snat                          Defines and sets options for SNAT (Secure NAT).
summary                       Displays summary statistics for the BIG/ip Controller.
timeout_node                  Sets the amount of time node addresses have to respond to a ping issued by the BIG/ip Controller.
timeout_svc                   Sets the amount of time services have to respond to a service check issued by the BIG/ip Controller.
tping_node                    Sets the interval at which the BIG/ip Controller pings node addresses to determine node status.
tping_svc                     Sets the interval at which the BIG/ip Controller issues service checks to nodes to determine node status.
treaper                       Sets the timeout for idle TCP connections on ports.
udp                           Enables UDP traffic on ports, and sets the timeout for idle UDP connections.
-v                            Displays the BIG/pipe utility version number.
version                       Displays the BIG/ip Controller software version number.
vip                           Defines virtual servers, virtual server mappings, and virtual server properties.
Backward-compatible commands  Lists the commands from previous versions of the BIG/ip Controller that are compatible with this version.


-?

bigpipe <command> -?

Description

For certain commands, displays online help, including complete syntax, description, and other related information. For example, to see online help for the bigpipe port command, enter:

bigpipe port -?



alias

bigpipe alias [<node addr> [...<node addr>] ] show

bigpipe alias <node addr> [...<node addr>] delete

bigpipe alias <node addr> [...<node addr>] pingnode <pingnode addr>

Description

Defines a single node address to represent a group of node addresses which are actually IP aliases on the same physical server. To determine if the nodes associated with the representative node alias are available, the BIG/ip Controller sends a single node ping to the node alias, rather than an individual ping to each node address.

Note that you may also find this feature useful for nodes that are configured for service check, as long as each node uses the same port number.

Defining a node alias

Use the following syntax to define the node alias for one or more node addresses, where <pingnode addr> is the node alias (the node address that represents the group):

bigpipe alias <node addr> [...<node addr>] pingnode <pingnode addr>

Note: The address that serves as the node alias (<pingnode addr>) must be a node address that is already defined in one or more virtual server mappings.

The following command defines a node alias for two node addresses, 192.168.42.2 and 192.168.42.3. The BIG/ip Controller performs node pings on the alias address 192.168.42.1 to determine the availability of 192.168.42.2 and 192.168.42.3.

bigpipe alias 192.168.42.2 192.168.42.3 pingnode 192.168.42.1

Deleting a node alias

The following command deletes the node alias defined for the specific node:

bigpipe alias <node addr> delete

Displaying current node aliases

The following command displays all node aliases defined on the BIG/ip Controller:

bigpipe alias show

The following command displays the node alias defined for a specific node:

bigpipe alias <node addr> show



configsync

bigpipe configsync [all]

Description

Synchronizes configurations of two BIG/ip Controllers in a redundant system by copying the configuration file(s) from the active system to the standby system.

Using the configsync command without the all option synchronizes only the boot configuration file /etc/bigip.conf.

The all option changes the set of configuration files modified when the command is executed. When you synchronize a configuration using the configsync all command, the following configuration files are copied to the other BIG/ip Controller:

  • /etc/bigip.conf
  • /etc/bigd.conf
  • /etc/bigip.interfaces
  • /etc/hosts.allow
  • /etc/netstart
  • /etc/ipfw.conf
  • /etc/rateclass.conf
  • /etc/ipfwrate.conf
  • /etc/snmpd.conf

Be sure to save the current configuration to the /etc/bigip.conf file before you use the config sync feature.

Warning: If you are synchronizing a standby controller that already has configuration information defined, we recommend that you back up that controller's original configuration file(s).
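Because configsync all overwrites access-control files such as /etc/hosts.allow and /etc/ipfw.conf on the peer, it helps to see which files differ and to snapshot the standby's copies first. The following is an added example, not part of the original manual or F5 code; it assumes you have copies of each unit's files under two local directory trees, and the function names, state labels and demo file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not F5 code. The file list is copied from the configsync section.
SYNC_FILES="/etc/bigip.conf /etc/bigd.conf /etc/bigip.interfaces /etc/hosts.allow
/etc/netstart /etc/ipfw.conf /etc/rateclass.conf /etc/ipfwrate.conf /etc/snmpd.conf"

# sync_preview ACTIVE_ROOT STANDBY_ROOT
# Print "<state> <file>" for every file that configsync all copies.
# States (names are this example's own): same, differs, only-active,
# only-standby, neither.
sync_preview() {
    active=$1; standby=$2
    for f in $SYNC_FILES; do
        if [ ! -f "$active$f" ] && [ ! -f "$standby$f" ]; then state=neither
        elif [ ! -f "$active$f" ]; then state=only-standby
        elif [ ! -f "$standby$f" ]; then state=only-active
        elif cmp -s "$active$f" "$standby$f"; then state=same
        else state=differs
        fi
        echo "$state $f"
    done
}

# backup_sync_files ROOT DEST
# Copy each listed file that exists under ROOT into DEST, keeping the /etc/...
# path, and record it in DEST/MANIFEST (cksum output, or "absent <file>").
# ROOT is "" when run on the controller itself.
backup_sync_files() {
    root=$1; dest=$2
    mkdir -p "$dest/etc" || return 1
    : > "$dest/MANIFEST"
    for f in $SYNC_FILES; do
        if [ -f "$root$f" ]; then
            cp -p "$root$f" "$dest$f" || return 1
            (cd "$dest" && cksum ".$f") >> "$dest/MANIFEST"
        else
            echo "absent $f" >> "$dest/MANIFEST"
        fi
    done
}

# ---- Constructed demo trees (not real controller files) ----
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/active/etc" "$demo/standby/etc"
echo "constructed boot configuration" > "$demo/active/etc/bigip.conf"
cp "$demo/active/etc/bigip.conf" "$demo/standby/etc/bigip.conf"
echo "ALL: 192.0.2.10" > "$demo/active/etc/hosts.allow"
echo "ALL: 192.0.2.10, 192.0.2.99" > "$demo/standby/etc/hosts.allow"
echo "constructed filter rules" > "$demo/active/etc/ipfw.conf"

# What would change on the standby, then a snapshot of the standby's copies.
sync_preview "$demo/active" "$demo/standby"
backup_sync_files "$demo/standby" "$demo/backup" && cat "$demo/backup/MANIFEST"
```

The cksum values in the manifest detect accidental change only; they are not a tamper-evident hash.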



conn

bigpipe conn [ <virt addr>[:<port>] ] dump

Description

Displays information about current client connections to virtual addresses and virtual servers.

The following command displays all current client connections:

bigpipe conn dump

The output shows the source IP, virtual server and port, and node connected to.

 bigip conn dump    

from vip node
100.100.100.30:49152 -> 100.100.100.100:23 -> 200.200.200.10:23
100.100.101.90:49153 -> 100.100.100.100:80 -> 200.200.200.10:80
...

Figure B.1 Formatted output of the conn command
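The three-column output in Figure B.1 is easy to summarise per virtual server and node, which shows at a glance which services (for example the Telnet virtual server on port 23 in the sample) are in use and from how many distinct clients. This is an added example, not part of the original manual; the function names are hypothetical and the sample input is constructed in the format of Figure B.1.

```shell
#!/bin/sh
# Added example, not F5 code.
# conn_summary: read `bigpipe conn dump` output on stdin and print one line per
# virtual server / node pair:
#   <vip:port> <node:port> <connections> <distinct source addresses>
conn_summary() {
    awk '
        # A connection line has the shape: src:port -> vip:port -> node:port
        NF == 5 && $2 == "->" && $4 == "->" {
            src = $1
            sub(/:[0-9]+$/, "", src)            # drop the client port
            key = $3 " " $5
            conns[key]++
            if (!seen[key, src]++) sources[key]++
            next
        }
        # Anything else containing an arrow is a damaged or truncated line.
        /->/ { print "unparsed: " $0 > "/dev/stderr" }
        END { for (k in conns) print k, conns[k], sources[k] }
    ' | LC_ALL=C sort
}

# Constructed sample: the two lines from Figure B.1 plus two invented ones.
sample_dump() {
    cat <<'EOF'
from vip node
100.100.100.30:49152 -> 100.100.100.100:23 -> 200.200.200.10:23
100.100.101.90:49153 -> 100.100.100.100:80 -> 200.200.200.10:80
100.100.101.90:49154 -> 100.100.100.100:80 -> 200.200.200.10:80
100.100.102.7:49155 -> 100.100.100.100:80 -> 200.200.200.11:80
...
EOF
}

sample_dump | conn_summary
```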



-d

bigpipe -d [-]

bigpipe -d -f <filename>

Description

Parses the command line and checks syntax without executing the specified command.

This distinguishes between valid and invalid commands, and is particularly useful with the -f option, to validate the configuration file.

Use the -d command followed by a command that you want to validate:

bigpipe -d vip 10.10.10.100:80 define 192.168.195.2:80

The command checks the syntax and logic, reporting any errors that would be encountered if the command executed.

Use the -d command together with the -f <filename> command to validate and load the specified configuration file. For example, to check the syntax of the configuration file /etc/altbigip.conf, use the following command:

bigpipe -d -f /etc/altbigip.conf



-f

bigpipe -f <filename>

Description

Resets all of the BIG/ip Controller settings and then loads the configuration settings from the file you specify, typically /etc/bigip.conf.

bigpipe -f /etc/bigip.conf

For testing purposes, you can save a test configuration by renaming it to avoid confusion with the boot configuration file. To load a test configuration, use the -f command with the <filename> parameter. For example, if you renamed your configuration file to /etc/bigtest.conf, the test command would be:

bigpipe -f /etc/bigtest.conf



failover

bigpipe failover active | standby | show

Description

Switches the BIG/ip Controller to be the active or the standby unit in a redundant system. The BIG/ip Controller automatically switches between active and standby modes, without operator intervention.

Show the status of the controller with the following command:

bigpipe failover show

Warning: A standby controller that has been put into active mode with this command is not fully configured for operation as the active controller in a redundant system. Important fail-over processes that properly handle an actual fail-over are not invoked by the failover command.



gateway

bigpipe gateway failsafe arm | disarm | show

Description

Turns the gateway fail-safe feature on and off. This command is supported only for redundant systems.

The typical use of gateway fail-safe is where active and standby BIG/ip Controllers use different routers as gateways to the internet. Fail-over is triggered if the gateway for the active controller is unreachable. Note that this is not a condition that is reliably detected by the interface fail-safe feature, but is reliably detected by gateway fail-safe.

To arm fail-safe on the gateway:

bigpipe gateway failsafe arm

To disarm fail-safe on the gateway, enter the following command:

bigpipe gateway failsafe disarm

To see the current fail-safe status for the gateway, enter the following command:

bigpipe gateway failsafe show



-h and -help

bigpipe [-h | -help ]

Description

Displays the bigpipe command syntax or usage text for all current commands.

Note: More detailed man pages are available for some individual bigpipe commands. To display detailed online help for the bigpipe command, type: man bigpipe



interface

bigpipe interface <ifname> internal | external | show

bigpipe interface <ifname> failsafe arm | disarm | show

bigpipe interface <ifname> timeout <seconds> | show

bigpipe interface <ifname> mac_masq <mac_addr> | show

bigpipe interface <ifname> vlans enable | disable | show

Description

Displays names of installed network interface cards and allows you to set properties for each network interface card.

Note: Interface fail-safe is not designed for gateway or node failure detection, as it cannot detect router or node failures in instances where other sources of Ethernet traffic are active on the interface.

Designating an internal or external interface

Use the following syntax to designate an interface as an internal or external interface.

bigpipe interface <ifname> internal | external

The <ifname> parameter takes a valid interface name such as:

  • exp0
    This is an Intel NIC on interface 0
  • fpa1
    This is an FDDI NIC on interface 1
  • de2
    This is a DEC/SMC NIC on interface 2
  • hmc0
    This is a Gigabit Ethernet NIC on interface 0

The following example configures two internal interfaces and one external interface on the BIG/ip Controller:

bigpipe interface de2 internal

bigpipe interface fpa1 internal

bigpipe interface exp0 external

Warning: Use caution when redefining internal and external interfaces. When you reconfigure interfaces, make sure that you have set up the interfaces you need for operation. It is possible to accidentally take the controller out of network service by redefining interfaces.

Displaying status for interfaces

Use the following syntax to display the current status and the settings for all installed interface cards:

bigpipe interface show

Use the following syntax to display the current status and the setting for a specific interface.

bigpipe interface <ifname> show

Arming and disarming the fail-safe mode

Use the following command to activate the BIG/ip Controller interface fail-safe mode.

bigpipe interface <ifname> failsafe arm

When armed, the active controller automatically fails over to the standby controller whenever the active controller detects that there is no activity on the specified interface, and subsequently detects no activity on the interface in response to ARP requests. The default fail-safe mode is set to disarm.

Warning: You should arm the fail-safe mode only after you configure the BIG/ip Controller, and both the active and standby units are ready to be placed into a production environment.

Note that you must specify a default route before using the bigpipe interface failsafe command. You specify the default route in the /etc/hosts and /etc/netstart files.

Use the following command to deactivate the BIG/ip Controller interface fail-safe mode.

bigpipe interface <ifname> failsafe disarm

Setting the fail-safe timeout

Use the following syntax to set the amount of time, in seconds, that an interface will be monitored for activity in response to a BIG/ip Controller ARP request, in order to be designated operational.

bigpipe interface <ifname> timeout <seconds>

If no activity is detected on the interface within the specified time, the BIG/ip Controller assumes that the interface is down. Note that the default setting is 30 seconds.

Warning messages are generated after half of the specified timeout period. In the case of an armed BIG/ip Controller in a BIG/ip redundant system, traffic is switched from the active unit to the standby unit at the end of the timeout period. Note that the fail-safe timeout is used only if the fail-safe option is armed on the interface.

Viewing the timeout setting

Use the following syntax to view the fail-over timeout setting for a specific interface:

bigpipe interface <ifname> timeout show

Displaying the current fail-safe status

Use the following syntax to display the current status and settings for the BIG/ip Controller fail-safe mode:

bigpipe interface failsafe show

Setting the MAC masquerade address

Sharing the MAC masquerade address makes it possible to use BIG/ip Controllers in a network topology using secure hubs. You can view the media access control (MAC) address on a given controller using the following command:

/sbin/ifconfig -a

Use the following syntax to set the MAC masquerade address that will be shared by both BIG/ip Controllers in the redundant system.

bigpipe interface <ifname> mac_masq <MAC addr>

Warning: You must specify a default route before using the mac_masq command. You specify the default route in the /etc/hosts and /etc/netstart files.

Find the MAC address on both the active and standby units and choose one that is similar but unique. A safe technique for choosing the shared MAC address follows:

Suppose you want to set up mac_masq on the external interfaces. Using the ifconfig -a command on the active and standby units, you note that their MAC addresses are:

Active: exp0 = 0:0:0:ac:4c:a2

Standby: exp0 = 0:0:0:ad:4d:f3

In order to avoid packet collisions, you now must choose a unique MAC address. The safest way to do this is to select one of the addresses and logically OR the first byte with 0x40. This makes the MAC address a locally administered MAC address.

In this example, either 40:0:0:ac:4c:a2 or 40:0:0:ad:4d:f3 would be a suitable shared MAC address to use on both BIG/ip Controllers in the redundant system.

The shared MAC address is used only when the BIG/ip Controller is in active mode. When the unit is in standby mode, the original MAC address of the network card is used. On startup, or when transitioning from standby mode to active mode, the BIG/ip Controller sends gratuitous ARP requests to notify the default router and other machines on the local Ethernet segment that its MAC address has changed. See RFC 826 for more details on ARP.

Note: You can use the same technique to configure an internal interface MAC address.

Enabling VLAN communication for an interface

If you want to use IEEE 802.1q VLAN Trunk mode, then VLAN tags must be enabled on the BIG/ip Controller internal interface using the bigpipe interface command.

Use the following syntax to enable, disable or show the VLAN status of the specified interface:

bigpipe interface <ifname> vlans enable | disable | show



lb

bigpipe lb show

bigpipe lb round_robin

bigpipe lb ratio

bigpipe lb priority

bigpipe lb fastest

bigpipe lb least_conn

bigpipe lb predictive

bigpipe lb observed

Description

Sets the load balancing mode for all virtual servers.

Setting the load balancing mode

Use the following syntax to set the load balancing mode:

bigpipe lb <mode name>

The mode names allowed are displayed in the syntax section above.

The command below sets the load balancing mode to Least Connections, which routes new connections to the node which currently maintains the least number of connections.

bigpipe lb least_conn

Viewing the currently selected load balancing mode

The following command displays the currently selected load balancing mode.

bigpipe lb show



maint

bigpipe maint

Description

Toggles a BIG/ip Controller into and out of Maintenance mode. When in Maintenance mode, a BIG/ip Controller accepts no new connections, but it does allow existing connections to complete.

The maint command interactively prompts you to enter or exit the maintenance mode.

bigpipe maint

If the BIG/ip Controller is already in maintenance mode, the maint command takes the BIG/ip Controller out of maintenance mode. If the BIG/ip Controller is in maintenance mode for more than 20 minutes, the BIG/ip Controller immediately begins to accept new connection requests.

If the BIG/ip Controller has been in maintenance mode for more than 20 minutes, it automatically updates all network ARP caches; this process normally takes a few seconds. However, you can speed the process up by reloading the configuration file, using the following command:

bigpipe -f /etc/bigip.conf



mirror

bigpipe mirror enable | disable | show

Description

Enables and disables mirroring between active and standby BIG/ip Controllers. Mirroring ensures that persistence and connection information on the active controller is duplicated on the standby controllers. This command enables and disables mirroring for all virtual servers.

To enable mirroring on a redundant system:

bigpipe mirror enable

To disable mirroring on a redundant system:

bigpipe mirror disable

To show the current status of mirroring on a redundant system:

bigpipe mirror show



nat

bigpipe nat <node addr> to <NAT addr>[/<bitmask>] [<ifname>]

bigpipe nat <node addr> to <NAT addr> netmask <netmask> \
[broadcast <broadcast_ip>] [<ifname>]

bigpipe nat <node addr> [...<node addr>] delete

bigpipe nat <NAT addr> [...<NAT addr>] delete

bigpipe nat [<NAT addr> [...<NAT addr>] ] show

bigpipe nat [<node addr> [...<node addr>] ] show

Description

Defines an IP address, routable on the external network, that a node can use to initiate connections to hosts on the external network and receive direct connections from clients on the external network. The NAT command defines a mapping between the IP address of a server behind the BIG/ip Controller <node addr> and an unused routable address on the network in front of the BIG/ip Controller <NAT addr>.

Defining a NAT

A NAT definition maps the IP address of a node <node addr> to a routable address on the external interface <NAT addr>, and can include an optional interface and netmask specification. Use the following syntax to define a NAT:

bigpipe nat <node addr> to <NAT addr>[/<bitmask>] [<ifname>]

The <ifname> parameter is the internal interface of the BIG/ip Controller through which packets must pass to get to the destination internal address. The BIG/ip Controller can determine the interface to configure for the NAT in most cases. The <ifname> parameter is useful, for example, where there is more than one internal interface.

The following example shows a NAT definition:

bigpipe nat 10.10.10.10 to 10.12.10.10/24 exp1

Deleting NATs

Use the following syntax to delete one or more NATs from the system:

bigpipe nat <node addr> [...<node addr>] delete

Displaying status of NATs

Use the following command to display the status of all NATs included in the configuration:

bigpipe nat show

Use the following syntax to display the status of one or more selected NATs:

bigpipe nat <node addr> [...<node addr>] show

 NAT { 10.10.10.3 to 9.9.9.9 }    
(pckts,bits) in = (0, 0), out = (0, 0)
NAT { 10.10.10.4 to 12.12.12.12
netmask 255.255.255.0 broadcast 12.12.12.255 }
(pckts,bits) in = (0, 0), out = (0, 0)

Additional Restrictions

The nat command has the following additional restrictions:

  • The IP address defined in the <node addr> parameter must be routable to a specific server behind the BIG/ip Controller.
  • You must delete a NAT before you can redefine it.
  • The interface for a NAT may only be configured when the NAT is first defined.


node

bigpipe node <node addr>[:<port>][...<node addr>[:<port>]] \
enable | disable

bigpipe node [<node addr>[:<port>][...<node addr>[:<port>]] ] show

bigpipe node <node addr>[:<port>][...<node addr>[:<port>]] \
limit <max conn>

Description

Displays information about nodes and allows you to set properties for nodes, and node addresses.

Enabling and disabling nodes and node addresses

To enable a node address, use the node command with a node address and the enable option:

bigpipe node 192.168.21.1 enable

To disable a node address, use the node command with the disable option:

bigpipe node 192.168.21.1 disable

To enable a node, use the node command with a node address and port, and the enable option:

bigpipe node 192.168.21.1:80 enable

To disable a node, use the node command with a node address and port, and the disable option:

bigpipe node 192.168.21.1:80 disable

Setting connection limits for nodes

Use the following command to set the maximum number of concurrent connections allowed on a node:

bigpipe node 192.168.21.1:80 limit 100

Note that to remove a connection limit, you also issue the preceding command, but set the <max conn> variable to 0 (zero).

Setting connection limits for node addresses

Use the following command to set the maximum number of concurrent connections allowed for a node address:

bigpipe node 192.168.21.1 limit 100

To remove a connection limit, you also issue the above command, but set the <max conn> variable to 0 (zero).

Displaying status of all nodes

bigpipe node show

When you issue the node show command, the BIG/ip Controller displays the node status (up or down), and a node summary of connection statistics, which is further broken down to show statistics by port. The report shows the following information:

  • current number of connections
  • total number of connections made to the node since last boot
  • maximum number of concurrent connections since the last boot
  • concurrent connection limit on the node
  • total number of inbound and outbound packets and bits

Figure B.2 shows the output of this command:

     bigpipe node 192.168.200.50:20    
    NODE 192.168.200.50 UP
    | (cur, max, limit, tot) = (0, 0, 0, 0)
    | (pckts,bits) in = (0, 0), out = (0, 0)
    +- PORT 20 UP
    (cur, max, limit, tot) = (0, 0, 0, 0)
    (pckts,bits) in = (0, 0), out = (0, 0)

    Figure B.2 Node status and statistics

Displaying the status of individual nodes and node addresses

Use the following command to display status and statistical information for a node address:

bigpipe node 192.168.21.1 show

The command reads the status of each node address, the number of current connections, total connections, and connections allowed, and the number of cumulative packets and bits sent and received.

Use the following command to display status and statistical information for one or more specific nodes:

bigpipe node 192.168.21.1:80 show

Setting connection limits for individual nodes and node addresses

Use the following command to set the maximum number of concurrent connections allowed for one or more nodes:

bigpipe node 192.168.21.1:80 limit <max conn>

Note that to remove a connection limit, you also issue the above command, but you set the <max conn> variable to 0 (zero).

Use the following command to set the maximum number of connections allowed for a node address:

bigpipe node 192.168.21.1 limit <max conn>

Note that to remove a connection limit, you also issue the above command, but you set the <max conn> variable to 0 (zero).



persist

bigpipe persist <port> [...<port>] <seconds>

bigpipe persist [<port> [...<port>] ] show | dump

Description

Enables or disables simple persistence on one or more virtual ports. Persistence tracks the source IP addresses and ports of all incoming requests, and the nodes and ports that hosted the request. It forces new connections from the source address to use the same node as used by the prior connection from that source IP address and port. A configurable time limit determines how long the BIG/ip Controller retains persistent connection information. By default, persistence is disabled on all ports. Persistence is affected by certain system control variables.

Setting a persistence timeout

Use the following syntax to set the number of seconds for which the BIG/ip Controller maintains persistent connection information on a specific virtual port:

bigpipe persist <port> <seconds>

Set <seconds> to 0 to turn persistence off for a specific virtual port.

Displaying persistence settings for virtual ports

Use the following syntax to display the number of seconds for which the BIG/ip Controller maintains persistent connection information for all virtual ports that have persistence turned on:

bigpipe persist show

Use the following syntax to display persistence settings for a specific virtual port:

bigpipe persist <port> show

Displaying persistent connections on a virtual port

Use the following syntax to display information about current persistent connections on a virtual port:

bigpipe persist [<port> [...<port>] ] dump



port

bigpipe port <port> [...<port>] limit <max conn>

bigpipe port <port> [...<port>] enable | disable | show

Description

Enables and disables network traffic on virtual ports, and also sets connection limits on ports. You can use standard port numbers, service or port names (for example, www, http, or 80) for the <port> parameter. Note that the port settings you define with this command control the port service for all virtual servers that use the port. By default, all ports are disabled.

A port is any valid port number, between 0 and 65535, inclusive, or any valid service name in the /etc/services file.

Allowing and denying virtual ports

You can enable or disable traffic to specific virtual ports. The default setting for all virtual ports is disabled. Use the following syntax to allow one or more virtual ports:

bigpipe port <port> [...<port>] enable

To deny access to one or more virtual ports:

bigpipe port <port> [...<port>] disable

Setting connection limits on ports

Use the following syntax to set the maximum number of concurrent connections allowed on a virtual port. Note that you can configure this setting for one or more virtual ports.

bigpipe port <port> [...<port>] limit <max conn>

To turn off a connection limit for one or more ports, use the preceding command, setting the <max conn> parameter to 0 (zero):

bigpipe port <port> [...<port>] limit 0

Displaying the status of all virtual ports

Use the following syntax to display the status of virtual ports included in the configuration:

bigpipe port show

Displaying the status for specific virtual ports

Use the following syntax to display the status of one or more virtual ports:

bigpipe port <port> [...<port>] show

Figure B.3 shows a sample of formatted output of the port command.

 bigpipe port telnet show    

PORT 23 telnet enable
(cur, max, limit, tot, reaped) = (37,73,100,691,29)
(pckts,bits) in = (2541, 2515600), out = (2331, 2731687)

Figure B.3 Formatted output of port command showing the Telnet port statistics
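Since all virtual ports are disabled by default, the port show output can be checked against the ports you intend to expose, and the (cur, max, limit, ...) line shows whether a connection limit has been hit since boot. This is an added example, not part of the original manual; it assumes that bigpipe port show repeats the three-line record of Figure B.3 for each port and prints "disable" for a disabled port, and the function names, labels and sample records other than the Telnet one are constructed.

```shell
#!/bin/sh
# Added example, not F5 code.
# port_audit "ALLOWED PORT NUMBERS"   (reads `bigpipe port show` output on stdin)
# Prints:
#   unexpected-enabled <port> <name>       enabled but not in the allow list
#   limit-reached <port> <name> <limit>    max concurrent connections hit the limit
port_audit() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) allowed[a[i]] = 1
        }
        # Record header, e.g.: PORT 23 telnet enable
        $1 == "PORT" {
            port = $2; name = $3; enabled = ($4 == "enable")
            if (enabled && !(port in allowed))
                print "unexpected-enabled", port, name
            next
        }
        # Counter line, e.g.: (cur, max, limit, tot, reaped) = (37,73,100,691,29)
        /^[ \t]*\(cur,/ && port != "" {
            vals = $0
            sub(/^[^=]*=[ \t]*\(/, "", vals)    # keep what follows "= ("
            sub(/\).*$/, "", vals)              # drop the closing parenthesis
            split(vals, v, /,[ \t]*/)           # v[2] = max, v[3] = limit
            if (enabled && (v[3] + 0) > 0 && (v[2] + 0) >= (v[3] + 0))
                print "limit-reached", port, name, v[3]
        }
    '
}

# Constructed sample: the Telnet record is from Figure B.3, the others are invented.
sample_port_show() {
    cat <<'EOF'
PORT 21 ftp disable
(cur, max, limit, tot, reaped) = (0,0,0,0,0)
(pckts,bits) in = (0, 0), out = (0, 0)
PORT 23 telnet enable
(cur, max, limit, tot, reaped) = (37,73,100,691,29)
(pckts,bits) in = (2541, 2515600), out = (2331, 2731687)
PORT 80 http enable
(cur, max, limit, tot, reaped) = (100,100,100,5000,3)
(pckts,bits) in = (90210, 81234567), out = (88012, 912345678)
EOF
}

# Only ports 80 and 443 are meant to be open in this constructed scenario.
sample_port_show | port_audit "80 443"
```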



-r

bigpipe -r

Description

Use the following syntax to clear the defined kernel and counter values from memory:

bigpipe -r

Warning: This command should be used with caution. All throughput is stopped when you run this command.

Typically, this command is used on a standby BIG/ip Controller prior to loading a new /etc/bigip.conf file that contains new tping and treaper values.

For example, you can execute the following commands on a standby BIG/ip Controller:

bigpipe -r

bigpipe -f <filename>

This sequence of commands ensures that only the values set in the <filename> specified are in use.



ratio

bigpipe ratio [<node addr> [...<node addr>] ] show

bigpipe ratio <node addr> [<node addr>...] <weight>

Description

This command provides two functions related to load balancing:

  • For the Ratio load balancing mode, the command sets the weight or proportions for one or more node addresses.
  • For the Priority load balancing mode, the command sets the priority level. Note that multiple node addresses can have the same priority level setting.

Setting ratio weight for one or more node addresses

The default ratio setting for any node address is 1. If you use the Ratio or Priority load balancing modes, you must set a ratio other than 1 for at least one node address in the configuration. If you do not change at least one ratio setting, the load balancing modes have the same effect as the Round Robin load balancing mode.

Use the following syntax to set the ratio for one or more node addresses:

bigpipe ratio <node addr> [...<node addr>] <weight>

For example, the following command sets the ratio weight to 3 for a specific node address:

bigpipe ratio 192.168.103.20 3

Displaying the ratio weights for node addresses

The following command displays the current ratio weight settings for all node addresses.

bigpipe ratio show

The command displays the following output:

192.168.200.51 ratio = 3
192.168.200.52 ratio = 1

Displaying ratio weight for specific node addresses

Use the following syntax to display the ratio setting for one or more node addresses:

bigpipe ratio <node addr> [...<node addr>] show

Note: The <weight> parameter must be a whole number, greater than or equal to 1.



-s

bigpipe -s [ <filename> | - ]

Description

Writes the current BIG/ip Controller configuration settings from memory to the default boot configuration file named /etc/bigip.conf.

You can use a hyphen character ("-") in place of a file name to display the configuration on the standard output device.

bigpipe -s -

If you are testing and integrating BIG/ip Controllers into a network, you may want to use multiple test configuration files. Use the following syntax to write the current configuration to a filename that you specify:

bigpipe -s <filename>

For example, the following command saves the current configuration from memory to an alternate configuration file named /etc/bigip.conf2.

bigpipe -s /etc/bigip.conf2



snat

bigpipe snat map default to <SNAT addr> [<ifname>] [netmask <ip>]
bigpipe snat map <node addr> [...<node addr>] to \
<SNAT addr> [netmask <ip>]
bigpipe snat <SNAT addr> [...<SNAT addr>] delete
bigpipe snat default delete
bigpipe snat default dump [verbose]
bigpipe snat [<node addr> [...<node addr>] ] dump [verbose]
bigpipe snat globals show
bigpipe snat default show
bigpipe snat [<node addr> [...<node addr>] ] show
bigpipe snat limit <max conn>
bigpipe snat default limit <max conn>
bigpipe snat <node addr> [...<node addr>] limit \
<max conn>
bigpipe snat <node addr> [...<node addr>] mirror \
enable | disable
bigpipe snat default mirror enable | disable
bigpipe snat <node addr> [...<node addr>] timeout tcp | udp \
<seconds>
bigpipe snat [default] timeout tcp | udp <seconds>
bigpipe snat <SNAT addr> [...<SNAT addr>] stats reset
bigpipe snat default stats reset

Description

Defines one or more addresses that nodes can use as a source IP address when initiating connections to hosts on the external network. Note that clients cannot use SNAT addresses to connect directly to nodes.

Defining the default SNAT

Use the following syntax to define the default SNAT. If you use the netmask parameter and it is different from the external interface default netmask, the command sets the netmask and derives the broadcast address.

bigpipe snat map default to <SNAT addr> [<ifname>] [netmask <ip>]

Creating individual SNAT addresses

The following bigpipe command creates a SNAT mapping:

bigpipe snat map <node addr> [...<node addr>] to \
<SNAT addr> [<ifname>] [netmask <ip>]

If the netmask is different from the external interface default netmask, the command sets the netmask and derives the broadcast address.

Deleting SNAT Addresses

The following syntax deletes a specific SNAT:

bigpipe snat <SNAT addr> | default delete

Showing SNAT mappings

The following bigpipe command shows mappings:

bigpipe snat [<SNAT addr>] [...<SNAT addr>] show

bigpipe snat default show

The following command shows the current SNAT connections:

bigpipe snat [<SNAT addr>] [...<SNAT addr>] dump [ verbose ]

bigpipe snat default dump [ verbose ]

The optional verbose keyword provides more detailed output.

The following command prints the global SNAT settings:

bigpipe snat globals show

Limiting connections

Use the following commands to set the maximum number of concurrent connections allowed for one or more SNAT addresses. Zero indicates no limit.

bigpipe snat 192.168.12.3 limit <max conn>

The default SNAT address connection limit is set with the following command:

bigpipe snat default limit <max conn>

Use the following command to set the global concurrent connection limit:

bigpipe snat limit <max conn>

Enabling mirroring for redundant systems

The following example sets SNAT mirroring for all SNAT connections originating at 192.168.225.100:

bigpipe snat 192.168.225.100 mirror enable

Setting idle connection timeouts

Use the following command to set the timeout for idle TCP connections:

bigpipe snat timeout tcp <seconds>

Use the following command to set the timeout for idle UDP connections. Note that you must have a timeout set for UDP connections; zero is not allowed:

bigpipe snat timeout udp <seconds>

Use the following command to set the timeout for idle TCP connections originating at this node address. Set <seconds> to 0 (zero) to disable TCP timeout for these nodes.

bigpipe snat <node addr> [...<node addr>] timeout tcp <seconds>

Use the following command to set the timeout for idle TCP connections originating at the default node address. Set <seconds> to 0 (zero) to disable TCP timeout for these nodes.

bigpipe snat default timeout tcp <seconds>

Use the following syntax to set the timeout for idle UDP connections originating at this node address. Note that you must have a timeout set for UDP connections; zero is not allowed:

bigpipe snat <node addr> [...<node addr>] timeout udp <seconds>

Use the following syntax to set the timeout for idle UDP connections originating at the default SNAT address. Note that you must have a timeout set for UDP connections; zero is not allowed:

bigpipe snat default timeout udp <seconds>

Clearing statistics

You can reset statistics by node or by SNAT address. Use the following syntax to clear all statistics for one or more nodes:

bigpipe snat <node addr> [ ...<node addr> ] stats reset

Use the following syntax to clear all statistics for one or more SNAT addresses:

bigpipe snat <SNAT addr> [ ...<SNAT addr> ] stats reset

Use the following command to reset the statistics to zero for the default:

bigpipe snat default stats reset



summary

bigpipe summary

Description

Displays a summary of current usage statistics.

The output display format for the summary command is shown in Figure B.4.

BIG/ip total uptime = 1 (day) 4 (hr) 40 (min) 8 (sec)
BIG/ip total uptime (secs) = 103208
BIG/ip total # connections = 0
BIG/ip total # pkts = 0
BIG/ip total # bits = 0
BIG/ip total # pkts(inbound) = 0
BIG/ip total # bits(inbound) = 0
BIG/ip total # pkts(outbound) = 0
BIG/ip total # bits(outbound) = 0
BIG/ip error no nodes available = 0
BIG/ip tcp port deny = 0
BIG/ip udp port deny = 0
BIG/ip vip tcp port deny = 0
BIG/ip vip udp port deny = 0
BIG/ip max connections deny = 0
BIG/ip vip duplicate syn ssl = 0
BIG/ip vip duplicate syn wrong dest = 0
BIG/ip vip duplicate syn node down = 0
BIG/ip vip maint mode deny = 0
BIG/ip virtual addr max connections deny = 0
BIG/ip virtual path max connections deny = 0
BIG/ip vip non syn = 0
BIG/ip error not in out table = 0
BIG/ip error not in in table = 0
BIG/ip error vip fragment no port = 0
BIG/ip error vip fragment no conn = 0
BIG/ip error standby shared drop = 0
BIG/ip dropped inbound = 0
BIG/ip dropped outbound = 0
BIG/ip reaped = 0
BIG/ip ssl reaped = 0
BIG/ip persist reaped = 0
BIG/ip udp reaped = 0
BIG/ip malloc errors = 0
BIG/ip bad type = 0
BIG/ip mem pool total 96636758 mem pool used 95552 mem percent used 0.10

Figure B.4 Summary output display

For detailed descriptions of each statistic displayed by the summary command, refer to Using the BIG/pipe command utility as a monitoring tool, on page 6-3.
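The following added example (not part of the original manual) parses output in the Figure B.4 layout and reports which deny, drop and error counters grew between two snapshots. The sample snapshots and the list of watched substrings are constructed for illustration.

```python
import re

PREFIX = "BIG/ip "
MEM_LINE = re.compile(
    r"mem pool total (\d+) mem pool used (\d+) mem percent used ([\d.]+)"
)
# Substrings chosen for this example; which counters matter is a site decision.
WATCHED = ("deny", "dropped", "error", "bad type")

# Constructed samples in the Figure B.4 layout, taken 60 seconds apart.
# Only some counters are listed and every value is made up.
SNAPSHOT_T0 = """\
BIG/ip total uptime = 1 (day) 4 (hr) 40 (min) 8 (sec)
BIG/ip total uptime (secs) = 103208
BIG/ip total # connections = 5120
BIG/ip error no nodes available = 0
BIG/ip tcp port deny = 14
BIG/ip udp port deny = 3
BIG/ip max connections deny = 0
BIG/ip vip maint mode deny = 0
BIG/ip dropped inbound = 2
BIG/ip reaped = 40
BIG/ip malloc errors = 0
BIG/ip mem pool total 96636758 mem pool used 95552 mem percent used 0.10
"""

SNAPSHOT_T1 = """\
BIG/ip total uptime = 1 (day) 4 (hr) 41 (min) 8 (sec)
BIG/ip total uptime (secs) = 103268
BIG/ip total # connections = 5300
BIG/ip error no nodes available = 1
BIG/ip tcp port deny = 230
BIG/ip udp port deny = 3
BIG/ip max connections deny = 12
BIG/ip vip maint mode deny = 0
BIG/ip dropped inbound = 2
BIG/ip reaped = 41
BIG/ip malloc errors = 0
BIG/ip mem pool total 96636758 mem pool used 120000 mem percent used 0.12
"""


def parse_summary(text):
    """Parse `bigpipe summary` output into {statistic name: number}."""
    stats = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue
        body = line[len(PREFIX):]
        mem = MEM_LINE.fullmatch(body)
        if mem:  # the memory line carries three values and no "="
            stats["mem pool total"] = int(mem.group(1))
            stats["mem pool used"] = int(mem.group(2))
            stats["mem percent used"] = float(mem.group(3))
            continue
        name, sep, value = body.partition("=")
        value = value.strip()
        # The human-readable uptime line is skipped; "(secs)" has the same data.
        if sep and value.isdigit():
            stats[name.strip()] = int(value)
    return stats


def watched_increases(before, after):
    """Return {name: increase} for watched counters that grew between snapshots."""
    key = "total uptime (secs)"
    # A lower uptime means the controller restarted, so counters began at zero.
    restarted = after.get(key, 0) < before.get(key, 0)
    grown = {}
    for name, now in after.items():
        if not any(word in name for word in WATCHED):
            continue
        base = 0 if restarted else before.get(name, 0)
        # A counter below its baseline was cleared (bigpipe -r); count from zero.
        delta = now - base if now >= base else now
        if delta > 0:
            grown[name] = delta
    return grown


if __name__ == "__main__":
    t0, t1 = parse_summary(SNAPSHOT_T0), parse_summary(SNAPSHOT_T1)
    elapsed = t1["total uptime (secs)"] - t0["total uptime (secs)"]
    for name, delta in sorted(watched_increases(t0, t1).items()):
        print(f"{name}: +{delta} in {elapsed}s")
```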



timeout_node

bigpipe timeout_node show

bigpipe timeout_node <seconds>

bigpipe timeout_node 0

Description

Sets the amount of time that a server has to respond to a BIG/ip Controller ping in order for the server to be marked up. If a server fails to respond within the specified time, the BIG/ip Controller assumes that the server is down, and the BIG/ip Controller no longer sends requests to the services hosted by the server. If the server responds to the next ping, or to subsequent pings, the BIG/ip Controller then marks the server up, and resumes sending requests to those services.

The default is 15 seconds.

Displaying the current timeout value

Use the following command to display the current timeout setting for node ping:

bigpipe timeout_node show

Setting a timeout value for node ping

Use the following syntax to set the timeout setting for node ping:

bigpipe timeout_node <seconds>

The sample command below sets the timeout to 33 seconds.

bigpipe timeout_node 33

Disabling node ping

To disable node ping, you simply set the node ping timeout value to 0 (zero):

bigpipe timeout_node 0

Warning: Node ping is the only form of verification that the BIG/ip Controller uses to determine status on node addresses. If you turn node ping off while one or more node addresses are currently down, the node addresses remain marked down until you turn node ping back on and allow the BIG/ip Controller to verify the node addresses again.



timeout_svc

bigpipe timeout_svc [<port>] show

bigpipe timeout_svc <port> <seconds>

bigpipe timeout_svc <port> 0

Description

Sets the amount of time that a specific node has to respond to a service check issued by the BIG/ip Controller. There are three types of service checks, each of which is affected by this setting:

  • Simple Service check where the BIG/ip Controller attempts to establish a connection to the service hosted by the node
  • Extended content verification where the BIG/ip Controller requests specific content from the node
  • Extended application verification where the BIG/ip Controller executes an external service check program that verifies whether or not specific content is available on the node

If a node fails to respond to any type of service check within the specified time, the BIG/ip Controller assumes that the service is down and no longer sends client requests to the service. If the node responds to the next service check, or to subsequent service checks, the BIG/ip Controller marks the service up, and resumes sending requests to the service.

Warning: The BIG/ip Controller does not attempt to detect the status of a node if node ping is turned off (bigd -n) and the timeout_svc and tping_svc values are set to 0 for a particular node.

The timeout_svc default for each port is set to 0, which disables service checks on the port.

Note that the BIG/ip Controller monitors only those services that have a timeout_svc value greater than 0.

Setting the service check timeout

Use the following syntax to set the service check timeout for a specific node port. Note that this setting applies to all nodes that use the port.

bigpipe timeout_svc <port> <seconds>

For example, the following command sets the service check timeout on port 80 to 120 seconds:

bigpipe timeout_svc 80 120

Disabling the service check

To disable service check on a specific port, use the above command, but set the <seconds> parameter to zero:

bigpipe timeout_svc <port> 0

Displaying service check timeouts

Use the following command to display the current service check timeout settings for all ports:

bigpipe timeout_svc show

The system displays the following output:

port 80 timeout after 120 seconds

The system only displays ports that have a timeout set to a value other than 0.

Use the following syntax to display the current service check timeout setting for a specific port:

bigpipe timeout_svc <port> [show]



tping_node

bigpipe tping_node show

bigpipe tping_node <seconds>

Description

Sets the interval (in seconds) at which a BIG/ip Controller issues a ping to each server managed by the BIG/ip Controller. If a specific server responds to the ping within a set time, the server is marked up and the BIG/ip Controller sends connections to the services hosted by that server. If a server fails to respond to a ping within the specified time, the BIG/ip Controller assumes that the server is no longer available, and it marks the node down.

Note that the timeout_node setting determines the number of seconds that a server has to respond to the ping issued by the BIG/ip Controller.

The default setting for tping_node is 5 seconds.

Setting a node ping interval

Use the following syntax to set the interval, in seconds, at which the BIG/ip Controller issues a ping to each server:

bigpipe tping_node <seconds>

Disabling node ping

To turn node ping off, simply set the interval to 0 seconds:

bigpipe tping_node 0

Displaying the current node ping setting

Use the following command to display the current node ping setting:

bigpipe tping_node show



tping_svc

bigpipe tping_svc show

bigpipe tping_svc <port> <seconds>

bigpipe tping_svc <port> 0

Description

Sets the interval (in seconds) at which BIG/ip Controller issues a service check to one or more specific nodes included in the configuration. There are three types of service check, each of which is affected by this setting:

  • Simple Service check where the BIG/ip Controller attempts to establish a connection to the service hosted by the node
  • Extended content verification where the BIG/ip Controller requests specific content from the node
  • Extended application verification where the BIG/ip Controller executes an external service check program that verifies whether or not specific content is available on the node

If a node fails to respond to a service check within the time specified by the timeout_svc setting, the BIG/ip Controller marks the service down, and no longer routes client requests to it.

Warning: The BIG/ip Controller does not attempt to detect the status of a node if node ping is turned off (bigd -n) and the timeout_svc and tping_svc values are set to 0 for a node.

Setting global service check intervals for a node port

Use the following syntax to set a service check interval for a specific node port.

bigpipe tping_svc <port> <seconds>

Use the following syntax to turn service check off for a specific node port.

bigpipe tping_svc <port> 0

Displaying the current service check interval

Use the following syntax to display the intervals at which the BIG/ip Controller issues service checks to all nodes configured for service check:

bigpipe tping_svc show
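The following added example (not part of the original manual) applies the rules from the timeout_node, timeout_svc, tping_node and tping_svc sections to find node ports that no check covers. It parses the timeout_svc show line format given above; the tping_svc values are constructed, and treating a service check as active only when both its interval and its timeout are nonzero is this example's reading of those sections.

```python
import re

# Line format this manual shows for `bigpipe timeout_svc show`.
TIMEOUT_LINE = re.compile(r"port (\d+) timeout after (\d+) seconds")

# The vip definition and timeout_svc output are the manual's own examples.
VIP_DEFINE = ("bigpipe vip 192.168.140.100:80 define 192.168.11.22:80 "
              "192.158.11.23:8080 192.168.11.23:8050")
TIMEOUT_SVC_SHOW = "port 80 timeout after 120 seconds\n"
# Constructed: service check interval per node port, as set with tping_svc.
TPING_SVC = {80: 30}


def parse_timeout_svc_show(text):
    """Return {port: seconds}; ports the command does not list have timeout 0."""
    timeouts = {}
    for line in text.splitlines():
        match = TIMEOUT_LINE.fullmatch(line.strip())
        if match:
            timeouts[int(match.group(1))] = int(match.group(2))
    return timeouts


def node_ports_from_define(command):
    """Collect the numeric node ports listed after `define` in a vip command."""
    tokens = command.split()
    nodes = tokens[tokens.index("define") + 1:]
    if "special" in nodes:  # trailing "special ssl ..." options are not nodes
        nodes = nodes[:nodes.index("special")]
    ports = set()
    for node in nodes:
        _addr, sep, port = node.rpartition(":")
        if sep and port.isdigit():  # service names are left out of this example
            ports.add(int(port))
    return ports


def monitoring_state(node_ports, timeout_svc, tping_svc,
                     tping_node=5, timeout_node=15):
    """Map each node port to the strongest check that covers it.

    The tping_node and timeout_node defaults are the ones this manual states.
    """
    node_ping = tping_node > 0 and timeout_node > 0
    states = {}
    for port in sorted(set(node_ports)):
        if tping_svc.get(port, 0) > 0 and timeout_svc.get(port, 0) > 0:
            states[port] = "service check"
        elif node_ping:
            states[port] = "node ping only"
        else:
            # The case the Warning describes: no ping and no service check.
            states[port] = "unmonitored"
    return states


if __name__ == "__main__":
    ports = node_ports_from_define(VIP_DEFINE)
    timeouts = parse_timeout_svc_show(TIMEOUT_SVC_SHOW)
    for label, interval in (("node ping on", 5), ("node ping off", 0)):
        states = monitoring_state(ports, timeouts, TPING_SVC, tping_node=interval)
        print(label, states)
```

The service check settings are keyed by node port, so the two nodes listening on 8080 and 8050 are not covered by the port 80 setting even though they sit behind the same virtual server.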



treaper

bigpipe treaper show

bigpipe treaper <port> <seconds>

bigpipe treaper <port> 0

Description

Sets the expiration time for idle TCP connections on a specific port. An idle connection is one in which no data has been received or sent for the number of seconds specified by the treaper command. The treaper default value is 0 seconds, meaning that no idle connections are terminated. For treaper to be effective, you should set its value to be greater than the configured timeout for the service daemons installed on your nodes.

The treaper command clears the connection tables, avoiding memory problems due to the accumulation of dead, but not terminated, connections.

Setting the idle TCP connection timeout for a virtual port

Use the following syntax to set an inactive connection timeout for one or more virtual ports:

bigpipe treaper <port> <seconds>

To turn inactive connection timeout off, use the same command but set the number of seconds to zero:

bigpipe treaper <port> 0

Note: Typical settings include 120s for 25/SMTP, 120s for 80/www, 300-600 for 20/ftp-data and 21/ftp-data.

Displaying the current inactive connection timeout

Use the following syntax to display the current number of seconds that connections are allowed to remain idle before being dropped:

bigpipe treaper show



udp

bigpipe udp [<port> [...<port>] ] show

bigpipe udp <port> [...<port>] <seconds>

bigpipe udp <port> 0

Description

The udp command enables UDP traffic on virtual ports and also sets a timeout for idle UDP connections. UDP traffic is enabled only when the timeout is set to a value greater than 0 (zero). You can disable UDP traffic on a port by setting the idle connection timeout to 0 (zero). By default, UDP is disabled on all ports.

Setting the idle connection timeout for UDP traffic

Use the following syntax to set the UDP timeout on one or more virtual ports, where the <seconds> parameter is the number of seconds before an idle connection is dropped:

bigpipe udp <port> <seconds>

For example, the following command sets the UDP timeout to 300 seconds for port 53:

bigpipe udp 53 300

To turn UDP timeout off for a virtual port, use the above command, setting the <seconds> parameter to zero:

bigpipe udp <port> 0

Displaying UDP settings

Use the following command to display the UDP timeout setting for all ports that allow UDP:

bigpipe udp show

Use the following syntax to display the timeout setting for a specific virtual port that allows UDP:

bigpipe udp <port> show

The system displays the output:

port 53 idle udp connections expire after 300 seconds



-v

bigpipe -v

Description

Displays the version number of the BIG/pipe command utility.

For example, bigpipe -v displays the following output:

bigpipe: 2.1



version

bigpipe version

Description

Displays the version number of the BIG/ip Controller's operating system.

The bigpipe version command outputs the following version information:

BIG/ip: version 2.1



vip

vip <virt addr>[:<port>] [/<bitmask>] [<ifname> | none ] define \
<node addr>[:<port>] [...<node addr>[:<port>] ] [special ssl \
<seconds> <seconds>]
vip <virt addr>[:<port>] netmask <ip> [broadcast <ip>] \
[<ifname> | none ] define <node addr>[:<port>] \
[...<node addr>[:<port>] ] [special ssl <seconds> <seconds>]
vip [<virt addr>[:<port>]] [...<virt addr>[:<port>] ] show
vip <virt addr>[:<port>] [<ifname>] [ ... <virt addr>[:<port>] ] \
enable | disable | delete
vip <virt addr>[:<port>] [... <virt addr>[:<port>]] limit \
<max conn>
vip <virt addr>:<port> mirror conn enable | disable | show
vip <virt addr>:<port> mirror persist enable | disable | show
vip <virt addr>:<port> persist show | dump | value
vip <virt addr>:<port> persist mask <ip> | none | show
vip 0.0.0.0:<port> sticky [ enable | disable | show | clear | dump ]
vip 0.0.0.0:<port> sticky mask [ <ip> | none | show ]
vip sticky dump
vip sticky clear

Description

Creates, deletes, and displays information about virtual servers. This command also sets mirroring, persistence, connection limits, and timeouts on a virtual server.

Defining a virtual server

Virtual servers are port-specific, and if you are configuring a site that supports more than one service, you need to configure one virtual server for each service offered by the site. Use the following syntax to define an individual virtual server and the node or nodes to which the virtual server maps:

bigpipe vip <virt addr>[:<port>] define <node addr>[:<port>] \
[...<node addr>[:<port>] ]

For example, the following command configures a virtual server that uses three nodes. In the example, two of the nodes do not use port 80, the standard HTTP port. Node port numbers do not necessarily have to match the virtual server's port number.

bigpipe vip 192.168.140.100:80 define 192.168.11.22:80 \
192.158.11.23:8080 192.168.11.23:8050

Note that if you want to add or remove a node from a virtual server, you must redefine the virtual server. You cannot add or remove individual nodes from a virtual server mapping without redefining the virtual server itself.

The following example shows a similar definition where host names are used in place of IP addresses, and service names are used in place of port numbers. Note that if you use service names, the default port number associated with that service is used.

bigpipe vip www.SiteOne.com:http define NodeOne:http NodeTwo:http \
NodeThree:http

If you are using non-default ports to host a specific service, you should use the port number in the definition rather than the service name.

Displaying information about virtual servers

Use the following syntax to display information about all virtual servers included in the configuration:

bigpipe vip show

Use the following syntax to display information about one or more virtual servers included in the configuration:

bigpipe vip <virt addr>:<port> [...<virt addr>:<port>] show

The command displays information such as the nodes associated with each virtual server, the nodes' status, and the current, total, and maximum number of connections managed by the virtual server since the BIG/ip Controller was last rebooted.

Defining an interface for a virtual server

If you have multiple external interfaces, you can specify one of them when you define a virtual server. If you specify an interface name, the BIG/ip Controller responds to ARP requests for the virtual address. If you do not specify an interface name, the BIG/ip Controller responds to ARP requests for the virtual server only on the default interface. If you do not want the BIG/ip Controller to respond to ARP requests on any interface, use the option none in place of the <ifname> parameter.

(Use the bigpipe interface show command to see a list of interfaces.)

All virtual servers that share a virtual address must use the same external interface. Changing the interface for a virtual server changes the interface for all virtual servers having the same virtual address.

Setting a user-defined netmask and broadcast

The default netmask for a virtual address, and for each virtual server hosted by that virtual address, is determined by the network class of the IP address entered for the virtual server. The default broadcast is automatically determined by the BIG/ip Controller, and it is based on the virtual address and the current netmask. You can override the default netmask and broadcast for any virtual address.

All virtual servers hosted by the virtual address use the netmask and broadcast of the virtual address, whether they are default values or they are user-defined values.

Note that if you want to use a custom netmask and broadcast, you define both when you define the virtual server:

bigpipe vip <virt addr>[:<port>] netmask <ip> [broadcast <ip>] \
[<ifname>] define <node addr>[:<port>] [...<node addr>[:<port>] ]

Note: For most configurations, the BIG/ip Controller correctly calculates the broadcast based on the IP address and the netmask. A user-defined broadcast address is not necessary.

Again, even when you define a custom netmask and broadcast in a specific virtual server definition, the settings apply to all virtual servers that use the same virtual address. The following sample command shows a user-defined netmask and broadcast:

bigpipe vip www.SiteOne.com:http netmask 255.255.0.0 \
broadcast 10.0.140.255 define NodeOne:http NodeTwo:http

The /bitmask option shown in the following example applies network and broadcast address masks. In this example, a 24-bit bitmask sets the network mask and broadcast address for the virtual server:

bigpipe vip 206.168.225.1:80/24 define 192.198.255.1

The effect of the bitmask is the same as applying the 255.255.255.0 netmask: from that network mask, the broadcast address for this virtual server is derived as 206.168.225.255.
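The following added example (not part of the original manual) works through the netmask and broadcast derivation described in this section for the /bitmask form, an explicit netmask, and the class-based default, and checks whether a user-defined broadcast differs from the derived one. The address 10.0.140.100 is a constructed stand-in for a host name whose address the manual does not give.

```python
import ipaddress
import re

# <virt addr>[:<port>][/<bitmask>] with a numeric address and port.
VIP_SPEC = re.compile(r"(\d+(?:\.\d+){3})(?::(\d+))?(?:/(\d+))?")


def classful_prefix(addr):
    """Prefix length implied by the network class of an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8       # class A
    if first_octet < 192:
        return 16      # class B
    if first_octet < 224:
        return 24      # class C
    raise ValueError(f"{addr} is class D/E and has no default netmask")


def derive(spec, netmask=None):
    """Return (netmask, broadcast) for a virtual server specification.

    Precedence: /bitmask in the spec, then an explicit netmask, then the
    default taken from the address class.
    """
    match = VIP_SPEC.fullmatch(spec)
    if not match:
        raise ValueError(f"not a numeric virtual server spec: {spec!r}")
    addr, _port, bitmask = match.groups()
    if bitmask is not None and netmask is not None:
        raise ValueError("give either /bitmask or netmask, not both")
    if bitmask is not None:
        mask = bitmask
    elif netmask is not None:
        mask = netmask
    else:
        mask = str(classful_prefix(addr))
    # IPv4Interface accepts a prefix length or a dotted netmask after "/"
    # and raises ValueError for an invalid one such as /33.
    iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
    return str(iface.netmask), str(iface.network.broadcast_address)


def broadcast_override_differs(spec, netmask, broadcast):
    """True when a user-defined broadcast is not the one the netmask yields."""
    derived = ipaddress.IPv4Address(derive(spec, netmask)[1])
    return derived != ipaddress.IPv4Address(broadcast)


if __name__ == "__main__":
    # The manual's /24 example.
    print(derive("206.168.225.1:80/24"))
    # Same address with no mask: class C default gives the same result.
    print(derive("206.168.225.1:80"))
    # Constructed address with the netmask from the manual's sample command.
    print(derive("10.0.140.100:80", "255.255.0.0"))
    print(broadcast_override_differs("10.0.140.100:80", "255.255.0.0",
                                     "10.0.140.255"))
```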

Setting properties on a virtual server

You can set the following properties on a virtual server:

  • Cookie persistence
  • A connection limit
  • An SSL persistence timeout and an SSL session ID record timeout
  • Mirroring persistence and connection state information from active controller to standby controller.

To activate HTTP cookie persistence from the command line

To activate HTTP cookie persistence from the command line, use the following syntax:

bigpipe vip <virt addr>:<service> define <node addr> [...<node addr>] special cookie <mode name> <timeout>

For the <mode name>, type Insert, Rewrite, or Passive. The <timeout> value for the cookie is written using the following format:

<days>d hh:mm:ss

Setting a connection limit

The default setting is to have no limit to the number of concurrent connections allowed on a virtual server. You can set a concurrent connection limit on one or more virtual servers using the following command:

bigpipe vip <virt addr>[:<port>] [...<virt addr>[:<port>] ] limit \
<max conn>

The following example shows two virtual servers set to have a concurrent connection limit of 5000 each:

bigpipe vip www.SiteOne.com:http www.SiteTwo.com:ssl limit 5000

To turn the limit off, set the <max conn> variable to zero:

bigpipe vip <virt addr>[:<port>] [...<virt addr>[:<port>] ] limit 0

Defining SSL persistence settings

You can turn on SSL persistence for a virtual server when you define the virtual server. The command includes parameters for setting the persistence timeout, as well as an inactive connection timeout for SSL session ID records:

bigpipe vip <virt addr>[:<port>] define <node addr>[:<port>] \
[...<node addr>[:<port>] ] [special ssl <persistence timeout> \
<ssl session id timeout>]

Note that if you want to change SSL settings on an existing virtual server, you must redefine the virtual server, including the nodes to which the virtual server maps and the SSL persistence settings. To turn SSL persistence off, use the above command, setting both the <persistence timeout> and <ssl session id timeout> parameters to 0:

bigpipe vip <virt addr>[:<port>] define <node addr>[:<port>] \
[...<node addr>[:<port>] ] special ssl 0 0

The following example shows a virtual server set to use SSL persistence where SSL persistence is maintained by the BIG/ip Controller for 36000 seconds, and SSL session id records are maintained for 60000 seconds:

bigpipe vip 210.12.140.11:443 define NodeOne:ssl NodeTwo:ssl \
special ssl 36000 60000

Setting sticky persistence for Transparent Node Mode

BIG/ip Controllers are enhanced with special persistence features for balancing caching proxy server load. This special persistence, called sticky persistence, is configurable to let you designate a proxy server in an array to cache content from a specified IP address range. The BIG/ip Controller can then send all packets within that IP range to the proxy server where the content is cached, so connections are directed to the proxy where the destination is cached.

To further optimize a proxy array using sticky persistence, you can partition the global internet address space across the array of proxy servers. A sticky mask can be defined for each virtual server.

Sticky entries do not time out, so traffic goes to the same firewall indefinitely. A limiting mechanism is built into the BIG/ip Controller to control the amount of memory consumed by sticky entries. Once the limit is reached, further attempts to write new sticky entries fail, and are logged ("bigip: Reached maximum # of sticky entries. Entry not added."). In this case, instead of reaping useless entries, make the sticky mask less specific so it groups more addresses together. Since sticky entries do not time out, use the clear command to delete all the entries.

As with other methods of persistence, sticky persistence can be configured using sysctl variables bigip.persist_any_port_same_vip and bigip.persist_any_vip. These define whether each virtual server maintains its own list of persistence entries, or whether the entries are shared among virtual servers. Sticky persistence uses these settings as they are documented for simple persistence.

Use the following command to turn sticky feature on for the virtual server:

bigpipe vip 0.0.0.0:<port> sticky enable

Use the following command to turn sticky feature off for the virtual server:

bigpipe vip 0.0.0.0:<port> sticky disable

Use the following command to show whether sticky is on or off for the virtual server:

bigpipe vip 0.0.0.0:<port> sticky show

Use the following command to list sticky entries for the virtual server:

bigpipe vip 0.0.0.0:<port> sticky dump

Figure B.5 displays the output of a sticky dump for a virtual server with a sticky mask of 192.0.0.0:

Sticky Address   Firewall/Node
0.0.0.0          10.1.1.1
64.0.0.0         10.1.1.2
128.0.0.0        10.1.1.3
192.0.0.0        10.1.1.4

Figure B.5 Formatted output of sticky dump.

Use the following syntax to delete sticky entries for the virtual server:

bigpipe vip <virt addr>:<port> sticky clear

Use the following syntax to define the sticky mask for the virtual server:

bigpipe vip <virt addr>:<port> sticky mask <mask>

Use the following syntax to remove the sticky mask from a virtual server:

bigpipe vip <virt addr>:<port> sticky mask none

Use the following syntax to show the sticky mask for the virtual server:

bigpipe vip <virt addr>:<port> sticky mask show

To clear all sticky connections on a BIG/ip Controller, issue the following bigpipe command:

bigpipe vip sticky clear
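The following added example (not part of the original manual) shows how a sticky mask groups destination addresses into table entries, reproducing the Figure B.5 layout for mask 192.0.0.0 and showing a more specific mask running into an entry limit. The destination addresses and the limit value are constructed, and nodes are assigned in list order only for illustration.

```python
import ipaddress

# Log message quoted in this section for a full sticky table.
STICKY_LIMIT_MSG = "bigip: Reached maximum # of sticky entries. Entry not added."

# Constructed destination addresses, in arrival order.
DESTINATIONS = [
    "17.5.0.9", "66.12.3.4", "130.94.1.1", "204.71.200.3",
    "17.5.0.10", "66.12.3.200", "204.71.201.7", "130.94.2.2",
]
NODES = ["10.1.1.1", "10.1.1.2", "10.1.1.3", "10.1.1.4"]


def sticky_key(dest, mask):
    """Sticky address for a destination: the address ANDed with the mask."""
    masked = int(ipaddress.IPv4Address(dest)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(masked))


def max_entries(mask):
    """Upper bound on distinct sticky addresses a mask can produce."""
    return 2 ** bin(int(ipaddress.IPv4Address(mask))).count("1")


def fill_table(destinations, mask, nodes, limit):
    """Build a sticky table and list destinations refused once it is full.

    `limit` is a hypothetical stand-in for the controller's built-in maximum.
    Nodes are handed out in list order here; a real controller chooses the
    node according to its configured load balancing mode.
    """
    table, rejected = {}, []
    for dest in destinations:
        key = sticky_key(dest, mask)
        if key in table:
            continue                # existing entry: traffic stays on its node
        if len(table) >= limit:
            rejected.append(dest)   # this is where STICKY_LIMIT_MSG is logged
            continue
        table[key] = nodes[len(table) % len(nodes)]
    return table, rejected


if __name__ == "__main__":
    for mask in ("192.0.0.0", "255.255.255.0"):
        table, rejected = fill_table(DESTINATIONS, mask, NODES, limit=4)
        print(f"mask {mask}: at most {max_entries(mask)} entries")
        for sticky_addr, node in table.items():
            print(f"  {sticky_addr:<16}{node}")
        for dest in rejected:
            print(f"  {dest}: {STICKY_LIMIT_MSG}")
```

With the two-bit mask the table can never exceed four entries, which is why making the mask less specific is the remedy the manual gives for the limit message.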

Setting persistence timeout on virtual ports

The bigpipe persist and bigpipe persist mask commands set persistence properties on virtual ports.

Use the following syntax to set the persistence duration, that is, the length of time in seconds that persistence information about a connection is stored.

bigpipe vip <virt addr>:<port> persist <value>

For example, the following command sets persistence to 100 minutes on the http port:

bigpipe vip 192.168.100.1:80 persist 6000

Showing persistence timeout on virtual ports

Use the following syntax to show the persistence duration on a virtual port:

bigpipe vip <virt addr>:<port> persist show

Use the following syntax to display information about current persistence connections on a virtual port:

bigpipe vip <virt addr>:<port> persist dump

The output of persist dump lists client address, virtual path, or node/alive time.

Applying a persist mask

Use the following command to specify a range of IP addresses to be included in persistence of the specified virtual port. The command adds a persist mask to a port, where <mask> is an IP address:

bigpipe vip <virt addr>:<port> persist mask <mask>

For example, the following command would set persistence for the specified port on all addresses in the subnetwork 192.168.100.0:

bigpipe vip <virt addr>:80 persist mask 192.168.100.0

Mirroring active to standby controllers

Mirroring provides seamless recovery for current connections and persistence information when a BIG/ip Controller fails. When you use the mirroring feature, the standby controller maintains the same current connection and persistence information as the active controller. Transactions such as FTP file transfers continue as though uninterrupted.

To control mirroring for a virtual server, use the mirror command to enable or disable mirroring of persistence information, or connections, or both. The syntax of the command is:

bigpipe vip <virt addr>:<port> mirror [ persist | conn ] \
enable | disable

To print the current mirroring setting for a virtual server:

bigpipe vip <virt addr>:<port> mirror [ persist | conn ] show

If you do not specify either persist or conn, the BIG/ip Controller displays connection information for both.

Note: If you set up mirroring on a virtual server that supports FTP connections, you need to mirror the control port virtual server, and the data port virtual server.

The following example shows the two commands used to enable mirroring for virtual server v1 on the FTP control and data ports:

bigpipe vip v1:21 mirror conn enable

bigpipe vip v1:20 mirror conn enable

Removing and returning a virtual server to service

You can remove an existing virtual server from network service, or return the virtual server to service, using the disable and enable keywords. When you disable a virtual server, the virtual server no longer accepts new connection requests, but it allows current connections to finish processing before the virtual server goes down. Use the following syntax to remove a virtual server from network service:

bigpipe vip <virt addr>:<port> [ ... <virt addr>:<port>] disable

Use the following syntax to return a virtual server to network service:

bigpipe vip <virt addr>:<port> enable

Removing and returning a virtual address to service

You can remove an existing virtual address from network service, or return the virtual address to service, using the disable and enable keywords. Note that when you enable or disable a virtual address, you inherently enable or disable all of the virtual servers that use the virtual address.

bigpipe vip <virt addr> disable

Use the following syntax to return a virtual address to network service:

bigpipe vip <virt addr> enable

Displaying information about virtual addresses

You can also display information about the virtual addresses that host individual virtual servers. Use the following syntax to display information about one or more virtual addresses included in the configuration:

bigpipe vip <virt addr> [... <virt addr> ] show

The command displays information such as the virtual servers associated with each virtual address, the status, and the current, total, and maximum number of connections managed by the virtual address since the BIG/ip Controller was last rebooted, or since the BIG/ip Controller became the active unit (redundant configurations only).

Deleting a virtual server

Use the following syntax to permanently delete one or more virtual servers from the BIG/ip Controller configuration:

bigpipe vip <virt addr>:<port> [... <virt addr>:<port>] delete

Backward compatible commands

The following BIG/pipe commands have been included for users of previous versions.

dt [<ip>[:<port> ] ]

port <port> [<port>... ] [allow | deny] [ limit <limit> ]

vip <virt addr>:<port> persistmask [ <IP address mask> ]

vip <virt addr>:<port> persistmask [ none | show ]

vip <virt addr>[:<port>] [<ifname>] netmask <ip> \
[ broadcast <ip> ] define <node addr>[:<port>] \
[ <node addr>[:<port>]... ] [ special ssl <value> <value> ]

nat <node addr> to <NAT addr> [<ifname>] netmask <ip> \
[ broadcast <ip> ]

fo [ master | slave ]